
However, administrator has every privilege available, separated only by domain versus local level.

A domain administrator can do anything anywhere.

A local administrator has only the power to control a single machine on which he is the local administrator, and is unable to affect anything that is domain related, even if it is on the local machine as well.

This being said, you rarely ever use the domain administrator account.

You also will rarely use local administrators unless a program requires it.

If you are trying to see what access rights your users have in Active Directory, you can view them all in the AD computers and users and view their "member of" tab to see.
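A scripted version of the "member of" check, added here as an example and not part of the post above: it lists a user's groups including those reached through nested groups, and marks the well-known administrative groups. It assumes the RSAT ActiveDirectory module is installed; the function name and the account `jdoe` are placeholders.

```powershell
# Added example: requires the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-EffectiveGroupMembership {
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName   # account to inspect
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

    # Escape characters that are special in an LDAP filter value (backslash first).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28'
    $dn = $dn -replace '\)', '\29' -replace '\*', '\2a'

    # 1.2.840.113556.1.4.1941 is the "in chain" matching rule: it returns every
    # group that contains the user directly or through nested groups.
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

    foreach ($g in $groups) {
        $sid = $g.SID.Value
        [pscustomobject]@{
            Group      = $g.Name
            Scope      = $g.GroupScope
            # True when the group is one the user is a direct member of.
            Direct     = $user.MemberOf -contains $g.DistinguishedName
            # Well-known SIDs: Domain Admins (-512), Schema Admins (-518),
            # Enterprise Admins (-519), built-in Administrators (S-1-5-32-544).
            Privileged = ($sid -match '-(512|518|519)$') -or ($sid -eq 'S-1-5-32-544')
        }
    }
}

# 'jdoe' is a placeholder account name.
Get-EffectiveGroupMembership -SamAccountName 'jdoe' |
    Sort-Object Privileged, Direct -Descending |
    Format-Table -AutoSize
```

The user's primary group (normally Domain Users) is stored in `primaryGroupID` rather than in the group's `member` attribute, so it does not appear in this output.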

You can get this information through Lepide AD Manager, if you do not need to Audit. You can get a list of All Users and get the entire permission list of any particular user as well. But, if you are looking for a free tool, you can try the one suggested by Sam. Chris (cjwdev) has a bunch of free tools, you can check his site, if he has any such tool.

And if you are looking at an Audit tool, to monitor any changes made to the AD, you can try Lepide Auditor for AD. And this tool also shows the Permissions and Privileges for all Users as well.

Documenting file system security is a challenging task. The volume of data to be collected and the variety of ways to view it require an automated solution. With DSRAZOR for Windows you can collect and report file system security definitions interactively or via a batch process. Find your Effective permissions and your Non-effective permissions to file system objects and if Inheritance is Blocked. Feel free to take a closer look http://www.visualclick.com/content/dsrazor-for-active-directory.htm